On June 12th, 2023 at 5PM EST, the GitHub Service Team will upgrade the GitHub Enterprise appliance to version 3.8.4. The service may be unavailable for up to an hour. If longer downtime is expected, additional information will be posted via the service portal.
During the maintenance period, no users will be able to access the service or hosted repositories in any way.
- MEDIUM: Scoped installation tokens for a GitHub App kept approved permissions after the permissions on the integration installation were downgraded or removed. GitHub has requested CVE ID CVE-2023-23765 for this vulnerability, which was reported via the GitHub Bug Bounty program.
- Packages have been updated to the latest security versions.
- If a user made a request to the Collaborators API’s Add a repository collaborator endpoint specifying a
write, the instance returned a
A full changelog is available via the GitHub Enterprise Release Notes – https://email@example.com/admin/release-notes#3.8.4